Posted to users@spamassassin.apache.org by ha...@t-online.de on 2010/12/12 23:35:20 UTC

Re: linkedin invitation spam

>> 
>> Hello Greg Troxel,
>> 
>> On 2010-12-12 10:51:50, you hacked down the following:
>> > Trying to block this is a bit tricky, because when a user of one of
>> > these sites invites a specific person by entering an email address, it
>> > isn't really spam.  The problem appears to be that the sites offer the
>> > ability to upload one's entire email contact list and then clueless
>> > users somehow click on the 'spam my entire addressbook' button.
>> 
>> Sometimes my mailinglists are hit in a very short time by 10 to 20
>> invitations and multiply each by the factor 3-4000 which is not funny
>> if you have only a 100 Mbit internet connection.
>> 
>> > A possible approach in SA is to have
>> >
>> >   rules that match each invitation type
>> >   a metarule for INVITATION
>> >
>> >   rules that match mailinglist messages (eg List-Id: for mailman)
>> >   a metarule for mailinglists
>> >
>> >   a metarule for invitation over a mailinglist, which IMHO is
>> >   intrinsically spam and could well just get 5 points
>> 
>> 1+
>> 
>> I vote for a SA rule concerning MAILINGLISTS+INVITATION
>> 
>> And I hate INVITE messages which use the Original Senders E-Mail because
>> if they would use the own domain I could block it on SMTP Level.
>> 
Hi Michelle,

if everybody were using strict DKIM or SPF, these invites would go away :)
So how about trashing everything that says invite and LIKELY does not come from the sender's
domain?

Wolfgang

>> 300-500 INVITE spams per day from more than 400 socialnetworks worldwide
>> is really annoying or better, I would call it terrorism.
>> 
>> Thanks, Greetings and nice Day/Evening
>>     Michelle Konzack
>> 
>> --


Re: linkedin invitation spam

Posted by Per Jessen <pe...@computer.org>.
Martin Gregorie wrote:

> I don't remotely intend to go vigilante: I don't know how you got that
> from what I said, which I thought boiled down to:
> 
> a) If an acquaintance asks you to become a member that is not a problem.

In fact, acquaintance or otherwise, that is the whole idea :-)

> b) If a social site uses member address lists to send invitations
>    to join without consulting the list owner then that is disreputable
>    behaviour and the resulting invitations are UCE at best.

+1.  Although I doubt that any reputable social networking site will do
that for very long. 

> FWIW I'm far more annoyed by UCE agencies who either don't have an
> 'un-subscribe' capability or, much worse, who include the line "You're
> receiving this because you subscribed.... .... you can un-subscribe by
> visiting <<URL>>" and whose URL goes through the motions but doesn't
> actually unsubscribe you.

+1. 


/Per Jessen, Zürich


Re: linkedin invitation spam

Posted by mouss <mo...@ml.netoyen.net>.
On 13/12/2010 23:45, Martin Gregorie wrote:
> On Mon, 2010-12-13 at 22:19 +0100, mouss wrote:
>> On 13/12/2010 10:38, Martin Gregorie wrote:
>>
>>> As others have said, it depends who sent it and why. Invitations sent
>>> specifically by people who know you aren't spam, but I've heard it said
>>> several times that Facebook auto-generates invitations from contact
>>> lists uploaded by new members and in my book that's definitely spam.
>>
>> no, that's not spam. that's stupid friends behaviour.
>>
> If you're certain that's the case I agree that it's not really spam.
>
>> if you define spam in a too large way, you will lose some of us. feel
>> free to go the vigilante way.
>>
> I don't remotely intend to go vigilante: I don't know how you got that
> from what I said, which I thought boiled down to:

sorry, I didn't mean you are a vigilante. I just wanted to warn about 
going there. nothing about _you_.

>
> a) If an acquaintance asks you to become a member that is not a problem.
> b) If a social site uses member address lists to send invitations
>     to join without consulting the list owner then that is disreputable
>     behaviour and the resulting invitations are UCE at best.


fully agreed. but that's how things are going today. so I'll start by the 
beginning: a stupid user gave them his addr book. I mean
- the guy who gave them his addr book is a stupid guy
- they should never ask for that

so both are guilty.

> c) If there's a way to distinguish (a) and (b) then it would be possible
>     to treat (b) as UCE.
>

no. I think it's a different beast. there is no point to try to match 
how some people have tried to define spam. we all know what spam is. 
those ube, uce, blahblah-e are unhelpful. you know what spam is. I know 
what spam is. there is no need to define it with 3 letters.

> I'm not doing anything about these invitations at present apart from
> hitting Delete,

same here. I checked linkedin mail and I found 2 messages that may be 
spam. that's 2 in many years. there are things I don't like in linkedin 
practice, but really, I don't get enough spam from them to consider that 
there is a problem. I get a lot more junk from yahoo...

> but if there was a distinguishing rule and I saw these
> invitations significantly more often than once or twice a year then I
> might well want to treat them like any other form of UCE. I'm not an ISP
> and don't run mailing lists, so I'm in the fortunate position of being
> able to deep-six UCE. If I want to buy something I'll research it with a
> search engine, by talking to friends, etc. but I DO NOT want to be
> bombarded with UCE just because I happen to have bought a similar item
> in the past.
>

please don't misunderstand me. if you get a lot of spam from linkedin, I 
would like to hear about it. I don't work for linkedin and I don't care 
for their business, blah blah. I simply care for mail service. if you 
convince me that linkedin are spammers, I'll have something to say about 
blocking their mail. but for that, I want evidence. not just a vigilante 
report with no evidence.

up so far, the only thing I've seen is a message forwarded by a debian 
list. I myself am a member of many debian lists. I do get a lot of junk 
in these lists, and that spam annoys me, but really, I consider that to 
be the price for having open lists, and I like that.


> FWIW I'm far more annoyed by UCE agencies who either don't have an
> 'un-subscribe' capability or, much worse, who include the line "You're
> receiving this because you subscribed.... .... you can un-subscribe by
> visiting <<URL>>" and whose URL goes through the motions but doesn't
> actually unsubscribe you.
>

I'm more annoyed by junk sent to _other_ people. I mean "normal" people. 
I can handle the junk I get (after postfix + spamassassin checks, I get 
about 1 or 2 spams a month). but users of the service get more spam than 
myself...

Re: linkedin invitation spam

Posted by Martin Gregorie <ma...@gregorie.org>.
On Mon, 2010-12-13 at 22:19 +0100, mouss wrote:
> On 13/12/2010 10:38, Martin Gregorie wrote:
>
> > As others have said, it depends who sent it and why. Invitations sent
> > specifically by people who know you aren't spam, but I've heard it said
> > several times that Facebook auto-generates invitations from contact
> > lists uploaded by new members and in my book that's definitely spam.
> 
> no, that's not spam. that's stupid friends behaviour.
>
If you're certain that's the case I agree that it's not really spam.

> if you define spam in a too large way, you will lose some of us. feel 
> free to go the vigilante way.
>
I don't remotely intend to go vigilante: I don't know how you got that
from what I said, which I thought boiled down to:

a) If an acquaintance asks you to become a member that is not a problem.
b) If a social site uses member address lists to send invitations
   to join without consulting the list owner then that is disreputable
   behaviour and the resulting invitations are UCE at best.
c) If there's a way to distinguish (a) and (b) then it would be possible
   to treat (b) as UCE.  

I'm not doing anything about these invitations at present apart from
hitting Delete, but if there was a distinguishing rule and I saw these
invitations significantly more often than once or twice a year then I
might well want to treat them like any other form of UCE. I'm not an ISP
and don't run mailing lists, so I'm in the fortunate position of being
able to deep-six UCE. If I want to buy something I'll research it with a
search engine, by talking to friends, etc. but I DO NOT want to be
bombarded with UCE just because I happen to have bought a similar item
in the past.

FWIW I'm far more annoyed by UCE agencies who either don't have an
'un-subscribe' capability or, much worse, who include the line "You're
receiving this because you subscribed.... .... you can un-subscribe by
visiting <<URL>>" and whose URL goes through the motions but doesn't
actually unsubscribe you.


Martin



Re: linkedin invitation spam

Posted by mouss <mo...@ml.netoyen.net>.
On 13/12/2010 10:38, Martin Gregorie wrote:
> On Mon, 2010-12-13 at 08:17 +0100, Per Jessen wrote:
>> mouss wrote:
>>
>>> the sample posted by Michelle came to her via a debian list. debian
>>> lists are open (no subscription required) and thus attract a lot of
>>> spam.
>>
>> And whilst invitations such as those broadcasted are annoying, they're
>> not _really_ spam, are they?
>>
> As others have said, it depends who sent it and why. Invitations sent
> specifically by people who know you aren't spam, but I've heard it said
> several times that Facebook auto-generates invitations from contact
> lists uploaded by new members and in my book that's definitely spam.

no, that's not spam. that's stupid friends behaviour.
if your friend says "hey Facebook, please send an invitation to all my 
friends, and here are their addresses", then facebook isn't doing much 
more than outlook, thunderbird or a script.

if you define spam in a too large way, you will lose some of us. feel 
free to go the vigilante way. but keep in mind: if you make everybody 
your enemy, you'll have little chance to win.

if we spam fighters start saying that everybody doing business is a 
spammer, and that everybody sending mail without having a phd in smtp is 
spammer, ... then we're gonna lose. we might lose together, but that's a 
"small together".

> If
> Facebook does it, I bet other disreputable social networks do too.


the most serious problem with all these is that they send invitations to 
addresses who have never tried to register (I was about to say 
non-members, but realised this would be restrictive).

I believe this is wrong. but unfortunately, It's just an opinion. if all 
human beings were to vote, I'll lose.

>
> Is there any way to distinguish between the two types of invitation?
>

which "two" types?
when I get an "addr book disclosure" invitation, I simply ignore it. 
there's nothing I can do about it. I gave my address to someone and that 
one gave it out. I am not going to make my address secret, because it 
would be useless. and I am not going to use per-peer address, because 
that doesn't work (unless you only know people who don't know each other).

let's fight spam, not our pen pals... because if you fight everybody, 
you're gonna get tired very soon;-p

Re: linkedin invitation spam

Posted by Martin Gregorie <ma...@gregorie.org>.
On Mon, 2010-12-13 at 08:17 +0100, Per Jessen wrote:
> mouss wrote:
> 
> > the sample posted by Michelle came to her via a debian list. debian
> > lists are open (no subscription required) and thus attract a lot of
> > spam.
> 
> And whilst invitations such as those broadcasted are annoying, they're
> not _really_ spam, are they?
> 
As others have said, it depends who sent it and why. Invitations sent
specifically by people who know you aren't spam, but I've heard it said
several times that Facebook auto-generates invitations from contact
lists uploaded by new members and in my book that's definitely spam. If
Facebook does it, I bet other disreputable social networks do too.

Is there any way to distinguish between the two types of invitation? 


Martin



Re: linkedin invitation spam

Posted by Per Jessen <pe...@computer.org>.
Matus UHLAR - fantomas wrote:

>> > as far as I know, linkedin mail comes from linkedin domains, and
>> > has valid DKIM sigs.
>> 
>> Yep, I'm pretty certain of that too.  I think I have a rule that
>> scores on coming from linkedin, but without verified dkim signature.
> 
> now the question is, if we know it's a linkedin invitation, if we
> need to verify DKIM at all ;)
> 
>> mouss wrote:
>> > the sample posted by Michelle came to her via a debian list. debian
>> > lists are open (no subscription required) and thus attract a lot of
>> > spam.
> 
> On 13.12.10 08:17, Per Jessen wrote:
>> And whilst invitations such as those broadcasted are annoying,
>> they're not _really_ spam, are they?
> 
> they are UBE, I'm not sure if that means spam to you...

Well, only when they're actually sent in bulk, so _that_ (the frequency)
is what needs to be looked at.  Probably not a job for spamassassin, I
think eg. postfix has an inbound rate limiting mechanism.


/Per Jessen, Zürich


Re: linkedin invitation spam

Posted by mouss <mo...@ml.netoyen.net>.
On 13/12/2010 11:47, Matus UHLAR - fantomas wrote:
>>>>> as far as I know, linkedin mail comes from linkedin domains, and has
>>>>> valid DKIM sigs.
>>>>
>>>> Yep, I'm pretty certain of that too.  I think I have a rule that scores
>>>> on coming from linkedin, but without verified dkim signature.
>
>> On 13/12/2010 09:04, Matus UHLAR - fantomas wrote:
>>> now the question is, if we know it's a linkedin invitation, if we need to
>>> verify DKIM at all ;)
>
> On 13.12.10 09:52, mouss wrote:
>> depends on your users.
>> if it's your own hobby mail system, you can block linkedin, facebook,
>> twitter, hotmail, yahoo, ... etc. nobody will complain ;-p
>
> I mean, if someone doesn't wish to receive linkedin invitations, (s)he does
> not need to check them for DKIM ...
>


Matus, stop this. you know all that stuff. we do need to accept mail 
from linkedin, facebook, hotmail, yahoo, aol, ... mail service is a 
service. if your users want mail from these networks, you can't say no. 
can you? (if so, happy guy!).


>>>> mouss wrote:
>>>>> the sample posted by Michelle came to her via a debian list. debian
>>>>> lists are open (no subscription required) and thus attract a lot of
>>>>> spam.
>>>
>>> On 13.12.10 08:17, Per Jessen wrote:
>>>> And whilst invitations such as those broadcasted are annoying, they're
>>>> not _really_ spam, are they?
>>>
>>> they are UBE, I'm not sure if that means spam to you...
>>
>> if we're talking about messages sent by/via debian lists, they are not
>> unsolicited. you only receive them if you subscribe to debian lists.
>
> I don't think anyone subscribes to debian lists to receive LinkedIn (and
> other) invitations. Debian lists also aren't made to receive and distribute
> that kind of mail.


I don't think anyone subscribes to a list to receive all the messages 
relayed by the list. and this applies to _this_ list.

what I mean is that you can't complain to joe@example.com because his 
unwanted messages get past a list. I applaud debian lists being still 
open, but I do understand that this also means a lot of junk. and 
linkedin isn't really the primary spammer of debian lists.


>
>> if we're about invitations received directly from linkedin, then they
>> are not necessarily bulk nor necessarily unsolicited. it would be
>> better to give real examples (evidence) so that we can talk about the
>> same thing.
>
> I'd say that a single invitation is never bulk, but such invitations
> globally are. And if they all were solicited, I think we would not discuss
> this problem here.
>

so let's take this differently. did you receive spam from linkedin? how 
much? can you show evidence?

Re: linkedin invitation spam

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
>>>> as far as I know, linkedin mail comes from linkedin domains, and has
>>>> valid DKIM sigs.
>>>
>>> Yep, I'm pretty certain of that too.  I think I have a rule that scores
>>> on coming from linkedin, but without verified dkim signature.

> On 13/12/2010 09:04, Matus UHLAR - fantomas wrote:
>> now the question is, if we know it's a linkedin invitation, if we need to
>> verify DKIM at all ;)

On 13.12.10 09:52, mouss wrote:
> depends on your users.
> if it's your own hobby mail system, you can block linkedin, facebook,  
> twitter, hotmail, yahoo, ... etc. nobody will complain ;-p

I mean, if someone doesn't wish to receive linkedin invitations, (s)he does
not need to check them for DKIM ...

>>> mouss wrote:
>>>> the sample posted by Michelle came to her via a debian list. debian
>>>> lists are open (no subscription required) and thus attract a lot of
>>>> spam.
>>
>> On 13.12.10 08:17, Per Jessen wrote:
>>> And whilst invitations such as those broadcasted are annoying, they're
>>> not _really_ spam, are they?
>>
>> they are UBE, I'm not sure if that means spam to you...
>
> if we're talking about messages sent by/via debian lists, they are not  
> unsolicited. you only receive them if you subscribe to debian lists.

I don't think anyone subscribes to debian lists to receive LinkedIn (and
other) invitations. Debian lists also aren't made to receive and distribute
that kind of mail.

> if we're about invitations received directly from linkedin, then they  
> are not necessarily bulk nor necessarily unsolicited. it would be
> better to give real examples (evidence) so that we can talk about the  
> same thing.

I'd say that a single invitation is never bulk, but such invitations
globally are. And if they all were solicited, I think we would not discuss
this problem here.

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Emacs is a complicated operating system without good text editor.

Re: linkedin invitation spam

Posted by mouss <mo...@ml.netoyen.net>.
On 13/12/2010 09:04, Matus UHLAR - fantomas wrote:
>>> as far as I know, linkedin mail comes from linkedin domains, and has
>>> valid DKIM sigs.
>>
>> Yep, I'm pretty certain of that too.  I think I have a rule that scores
>> on coming from linkedin, but without verified dkim signature.
>
> now the question is, if we know it's a linkedin invitation, if we need to
> verify DKIM at all ;)
>

depends on your users.
if it's your own hobby mail system, you can block linkedin, facebook, 
twitter, hotmail, yahoo, ... etc. nobody will complain ;-p


>> mouss wrote:
>>> the sample posted by Michelle came to her via a debian list. debian
>>> lists are open (no subscription required) and thus attract a lot of
>>> spam.
>
> On 13.12.10 08:17, Per Jessen wrote:
>> And whilst invitations such as those broadcasted are annoying, they're
>> not _really_ spam, are they?
>
> they are UBE, I'm not sure if that means spam to you...

if we're talking about messages sent by/via debian lists, they are not 
unsolicited. you only receive them if you subscribe to debian lists.

The rule is: if you subscribe to a mailing list, then be prepared to 
receive mail from that list, be it mail you are interested in or not 
(same goes for "solicited", "desired", ...).



if we're about invitations received directly from linkedin, then they 
are not necessarily bulk nor necessarily unsolicited. it would be 
better to give real examples (evidence) so that we can talk about the 
same thing.

Re: linkedin invitation spam

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
> > as far as I know, linkedin mail comes from linkedin domains, and has
> > valid DKIM sigs.
> 
> Yep, I'm pretty certain of that too.  I think I have a rule that scores
> on coming from linkedin, but without verified dkim signature.

now the question is, if we know it's a linkedin invitation, if we need to
verify DKIM at all ;)

> mouss wrote:
> > the sample posted by Michelle came to her via a debian list. debian
> > lists are open (no subscription required) and thus attract a lot of
> > spam.

On 13.12.10 08:17, Per Jessen wrote:
> And whilst invitations such as those broadcasted are annoying, they're
> not _really_ spam, are they?

they are UBE, I'm not sure if that means spam to you...
-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The only substitute for good manners is fast reflexes. 

Re: linkedin invitation spam

Posted by Per Jessen <pe...@computer.org>.
mouss wrote:

> as far as I know, linkedin mail comes from linkedin domains, and has
> valid DKIM sigs.

Yep, I'm pretty certain of that too.  I think I have a rule that scores
on coming from linkedin, but without verified dkim signature.

> the sample posted by Michelle came to her via a debian list. debian
> lists are open (no subscription required) and thus attract a lot of
> spam.

And whilst invitations such as those broadcasted are annoying, they're
not _really_ spam, are they?


/Per Jessen, Zürich


Re: linkedin invitation spam

Posted by mouss <mo...@ml.netoyen.net>.
On 12/12/2010 23:35, hamann.w@t-online.de wrote:
>>>
>>> Hello Greg Troxel,
>>>
>>> On 2010-12-12 10:51:50, you hacked down the following:
>>>> Trying to block this is a bit tricky, because when a user of one of
>>>> these sites invites a specific person by entering an email address, it
>>>> isn't really spam.  The problem appears to be that the sites offer the
>>>> ability to upload one's entire email contact list and then clueless
>>>> users somehow click on the 'spam my entire addressbook' button.
>>>
>>> Sometimes my mailinglists are hit in a very short time by 10 to 20
>>> invitations and multiply each by the factor 3-4000 which is not funny
>>> if you have only a 100 Mbit internet connection.
>>>
>>>> A possible approach in SA is to have
>>>>
>>>>    rules that match each invitation type
>>>>    a metarule for INVITATION
>>>>
>>>>    rules that match mailinglist messages (eg List-Id: for mailman)
>>>>    a metarule for mailinglists
>>>>
>>>>    a metarule for invitation over a mailinglist, which IMHO is
>>>>    intrinsically spam and could well just get 5 points
>>>
>>> 1+
>>>
>>> I vote for a SA rule concerning MAILINGLISTS+INVITATION
>>>
>>> And I hate INVITE messages which use the Original Senders E-Mail because
>>> if they would use the own domain I could block it on SMTP Level.
>>>
> Hi Michelle,
>
> if everybody were using strict DKIM or SPF, these invites would go away :)
> So how about trashing everything that says invite and LIKELY does not come from the sender's
> domain?
>

as far as I know, linkedin mail comes from linkedin domains, and has 
valid DKIM sigs.

the sample posted by Michelle came to her via a debian list. debian 
lists are open (no subscription required) and thus attract a lot of spam.
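

The meta-rule layout quoted in this thread (invitation rules, mailing-list rules, a meta combining the two) and the "from linkedin, but without verified dkim signature" rule mentioned earlier, sketched as SpamAssassin configuration. This is an added example, not a rule set posted by any participant; all rule names, regexes and the 1.5 score are assumptions, and only the 5 points come from the thread.

```conf
# Added example for SpamAssassin's local.cf. Rule names, patterns and the 1.5
# score are assumptions; the 5 points are the value suggested in the thread.

# Building blocks. A leading "__" makes a sub-rule: usable in metas, but it
# carries no score of its own.
header   __FROM_LINKEDIN    From:addr =~ /\@(?:[a-z0-9-]+\.)*linkedin\.com$/i
header   __SUBJ_INVITE      Subject =~ /\binvit(?:ation|ed|es?)\b/i
header   __SUBJ_REPLY       Subject =~ /^\s*re:/i
body     __BODY_JOIN_NET    /\b(?:add you to|join) (?:my|his|her|their) (?:professional )?network\b/i

# One rule per invitation type, then the INVITATION metarule over them.
# The generic type covers invitations sent with the inviting user's own
# address in From:. Replies are excluded so that list threads that merely
# discuss invitations do not match.
meta     __INVITE_LINKEDIN  (__FROM_LINKEDIN && __SUBJ_INVITE)
meta     __INVITE_GENERIC   (__SUBJ_INVITE && __BODY_JOIN_NET)
meta     __INVITATION       ((__INVITE_LINKEDIN || __INVITE_GENERIC) && !__SUBJ_REPLY)

# Mailing-list markers, then the MAILINGLIST metarule.
header   __ML_LIST_ID       exists:List-Id
header   __ML_LIST_POST     exists:List-Post
header   __ML_PRECEDENCE    Precedence =~ /^list$/i
meta     __MAILINGLIST      (__ML_LIST_ID || __ML_LIST_POST || __ML_PRECEDENCE)

# Invitation relayed over a mailing list: the only combination scored here.
# A direct one-to-one invitation matches __INVITATION alone and scores nothing.
meta     INVITE_VIA_LIST    (__INVITATION && __MAILINGLIST)
describe INVITE_VIA_LIST    Social-network invitation relayed through a mailing list
score    INVITE_VIA_LIST    5.0

# From: claims linkedin.com but there is no valid author-domain DKIM signature.
# List traffic is excluded because list software that rewrites the subject or
# appends a footer breaks otherwise valid signatures.
ifplugin Mail::SpamAssassin::Plugin::DKIM
meta     LINKEDIN_NO_DKIM   (__FROM_LINKEDIN && !__MAILINGLIST && !DKIM_VALID_AU)
describe LINKEDIN_NO_DKIM   From linkedin.com without a valid author-domain DKIM signature
score    LINKEDIN_NO_DKIM   1.5
endif
```

Run `spamassassin --lint` after adding the rules to catch syntax errors before the rules go live.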